Computer Forensic Case Assessment and Triage

Computer Forensics Miscellany

Triage

At the time of writing, in 2009, it is commonplace for digital forensic units to have a backlog, in several cases as long as twelve months. Many units have increased in size but still have a backlog, and it is suggested that bringing more staff into a unit will not, on its own, reduce the backlog of work. This paper discusses how cases submitted to units can be assessed and prioritised, and how computer forensic triage software can be used to target resources more efficiently.

Computer Forensics Case Assessment and Triage Discussion Paper and, mentioned within the paper, a prioritisation matrix. This matrix was developed in order to score cases and is much more structured than any other. In 2011 it was adopted by a UK ACPO national project tasked with rationalising digital forensic unit working practices. The matrix was also customised to deal with cases within the Notts Police Sexual Exploitation Unit and used to score and prioritise their cases.

The author invites discussion on this topic and would welcome any comments on how the issues are dealt with within other units.